Create, import, and manage filters to detect events in your environment.
 |
ImportantYou can have up to 50 custom filters.
|
The Custom Filters tab of Detection Model
Management allows you to import and create custom
filters that Trend Vision One can use to detect events
in your environment and enable custom models to trigger Workbench alerts.
The following table outlines the actions available on the Custom Filters
tab.
|
Action
|
Description
|
||
|
Add a custom filter
|
Click Add to create a custom
filter
|
||
|
Import custom filters
|
Click Import Filters (
 ) to import YAML files containing custom filters.Imported YAML files must follow the Trend Micro Sigma specification. Each YAML file must contain one filter only.
|
||
|
Export select custom filters
|
Select one or more filters, then click Export Selected Filters to
export your filters into a ZIP file containing a YAML file for each custom filter
you
select.
When the export completes, click
 in the Export Custom Filters
window to copy the password needed to open the ZIP file. |
||
|
Export all custom filters
|
Click
 to export all your filters into a ZIP file containing
a YAML file for each custom filter.When the export completes, click
in the Export Custom Filters
window to copy the password needed to open the ZIP file. |
||
|
Filter custom filter data
|
Use the Search field and the available dropdown lists to locate
specific custom filters.
|
||
|
See the details of a filter
|
Click a filter name to view detailed information about the custom filter.
|
||
|
Edit a custom filter
|
Click
 to edit a custom filter.
|
||
|
Delete a custom filter
|
Click
 to delete a custom filter.
|
) next to the filter name indicates filter is disabled due to excessive execution
time, which may cause associated models to not function properly.